Security is paramount for e-commerce software like Oscar. Hence, we have
adopted a policy which allows for responsible resporting and disclosure of
security related issues.

If you believe you have found something in Oscar (or one of its extensions)
which has security implications, please report is via email to
oscar.security@tangentlabs.co.uk. Someone from the core team will
acknowledge your report and take appropriate action.

Well-written bug reports are incredibly helpful. However, there’s a certain
amount of overhead involved in working with any bug tracking system so your
help in keeping our ticket tracker as useful as possible is appreciated. In
particular:

Do ask on django-oscarfirst if you’re not sure if
what you’re seeing is a bug.

Do write complete, reproducible, specific bug reports. You must
include a clear, concise description of the problem, and a set of
instructions for replicating it. Add as much debug information as you can:
code snippets, test cases, exception backtraces, screenshots, etc. A nice
small test case is the best way to report a bug, as it gives us an easy
way to confirm the bug quickly.

We’re always trying to make Oscar better, and your feature requests are a key
part of that. Here are some tips on how to make a request most effectively:

First request the feature on the django-oscar list, not in the
ticket tracker. It’ll get read more closely if it’s on the mailing list.
This is even more important for large-scale feature requests. We like to
discuss any big changes to Oscar’s core on the mailing list before
actually working on them.

Describe clearly and concisely what the missing feature is and how you’d
like to see it implemented. Include example code (non-functional is OK)
if possible.

Explain why you’d like the feature, because sometimes it isn’t obvious
why the feature would be useful.

As with most open-source projects, code talks. If you are willing to write the
code for the feature yourself or, even better, if you’ve already written it,
it’s much more likely to be accepted. Just fork Oscar on GitHub, create a
feature branch, and show us your work!